Incident Response (IR) is the process of handling a security breach. The goal is to detect, contain, and fix the issue quickly to minimize damage.
- Detect: Identify suspicious activity.
- Contain: Stop the attack from spreading.
- Recover: Restore systems and data.
Example:
If a server is hacked, IR involves isolating it, removing malware, and restoring backups.